Device and method for intermediation between service providers and their users

ABSTRACT

An intermediation apparatus is designed to interconnect at least one service provider and at least one user by using a non-Internet channel. The apparatus includes an intelligent connection management unit for recognizing an incoming protocol and for selecting an outgoing protocol and an outgoing communications channel by referring to databases. A protocol conversion unit controlled by the management unit interconnects a service provider using a channel that implements a first communications protocol and a user using the non-Internet channel that implements a second communications protocol. The non-Internet channel is advantageously a wireless communications channel.

The present invention relates to communication of data between at leastone service provider and service users over a route, at least a portionwhich is situated outside the Internet. The route can, for example, besituated in a “wireless” communications network, such as a cellularmobile telephone network. The service provider generally comprises anyentity that makes available remotely a service, in the broad sense ofthe term: services for communications, information, recording, accesscontrol, discussion forums, sales of services or of goods, etc. In thiscontext, the invention proposes an intermediation platform enabling aservice provider to reach a service user and vice versa under allconditions and with good quality distribution of the service.

Today, on its own server, a service provider has digital data, software,and other files representing its service. In general, it does not haveits own communications infrastructure, that aspect being provided byexternal communications networks. Among such external networks, theInternet constitutes end-to-end communications means enabling customersto access the services via a computer. However, the Internet suffersfrom numerous drawbacks: it is not possible to identify the user of theservice, or the provider of the service, and the network is difficult tomake secure.

FIG. 1 shows the current environment for communications between serviceproviders SP and the various types of user terminal UT, represented by amobile telephone terminal 2, and a computer 4 of the personal computer(PC) type.

Generally, interchange between the service providers SP and the userterminals UT currently goes via the Internet 6 (Internet channel (IC).On the user terminal side UT, the connection to the Internet 6 can takeplace via various intermediate sub-networks or “gateways” which link up(arrow F1) with the Internet 6 to connect the service providers SP. FIG.1 shows an example in the form of a wireless application protocol (WAP)gateway 8 used by the various mobile telephone operators or “mobilenetwork operators” (MNOs) 10.

Another connection in common use is an “all-Internet” connection betweenthe service provider SP (arrow F2) and the PC 4 of the user U.

Therefore, on the user side, numerous possible different types ofterminal exist, each operating on the basis of an independent operator(e.g. among the various MNOs accessible in a geographical area) makingit possible to access in various manners the various services offered bythe service providers SP situated on the other side of the Internet 6.

The networks of the MNOs 10 constitute gateways managed by variousindependent operators, and have resulted in a “wireless data ecosystem”which has the potential to satisfy the requirements of the serviceproviders, but at the cost of establishing agreements with a pluralityof MNOs, and of providing each service in various forms each adapted tothe specific protocol of a respective MNO.

The gateways constitute non-Internet channels NIC passing throughvarious possible MNOs and other non-Internet gateway operators. Thenon-Internet channel NIC can incorporate not only the MNOs but also moregenerally any communications means external to the Internet.

Agreements exist between service providers and MNOs enabling a user toreceive a proper service via reliable communications means. However,such solutions have numerous limitations. The service provider isdependent on the wireless communications network of an externaloperator. Its service must adapt to the requirements of thecommunications means, in particular for the functions that concern it,such as:

-   -   range of the service, in general limited to one region or to one        country;    -   means for identifying the user;    -   protection of interchanged data; and    -   payment solution, etc.

The MNOs 10 can offer to their subscribers only those services for whichthey have agreements with the service providers SP in question.Furthermore a subscriber who travels to another country no longer hasaccess to the same services because that subscriber is no longer servedby the same MNO. An MNO who has a dual function as telephone operatorand as provider of services other than telephone services can proposeits own services to its subscribers only.

In view of those drawbacks and limitations, service providers aretending to develop their own communications infrastructures which aresometimes based on new technologies and which compete with the existinginfrastructures of the communications operators. But such a specificinfrastructure generally also suffers from the same weaknesses.

In addition, present-day users of services wish to have a wide choice ofservices, to receive them with quality regardless of the geographicalsituation of the user, and without being limited to one communicationsoperator and to one service provider. Often, such a user has a pluralityof communications sets based on various different technologies, e.g. amobile telephone terminal, a personal digital assistant (PDA), a PC, aninteractive TV set-top box (iTV set-top box), etc. Users wish to be ableto receive the service of their choice at any time, anywhere, with thebest possible quality, and on the set that is the highest performance inthe situation in question.

An object of the invention is to satisfy the expectations of theexisting non-Internet operators (NIOs), in particular, but notexclusively MNOs, by enabling them to make the best possible use oftheir infrastructures for as many services as possible, and thus toperform a function that extends beyond merely supplying communicationschannels.

Another object of the invention is to enable service providers to have aplatform offering optimum distribution.

These objects are achieved by the invention by making provision to setup an intelligent intermediation platform for non-Internet channels, towhich platform any service provider can connect in order to communicatewith the various user terminals by using a non-Internet channel.

Such a channel is transparent to the service provider, theintermediation platform taking charge firstly of selecting thenon-Internet operator as a function of the addressed user U, andsecondly of adapting the communication to the specificities of thatoperator.

In addition, the platform can provide many other services aimed atsimplifying and standardizing interchange between the user and theservice provider. Thus, in a preferred embodiment, the inventionprovides features at the platform that consist in providing: i) enhancedsecurity; ii) management of services; and iii) rationalized invoicing.

The platform is advantageously managed by a trustworthy third entity whocentralizes and filters the sensitive data necessary for performing thefeatures.

More particularly, in a first aspect, the invention providesintermediation apparatus designed to interconnect at least one serviceprovider and at least one user provided with at least one communicationsterminal, by using at least one non-Internet channel;

-   -   said intermediation apparatus being characterized in that it        comprises:        -   intelligent connection management means for:            -   selecting a non-Internet channel of an operator, which                channel is used by a terminal of the user; and            -   selecting an outgoing protocol and an outgoing                communications channel by referring to databases;        -   protocol conversion means controlled by the management means            so as to interconnect a service provider using a channel            that implements a first communications protocol and a user            using the non-Internet channel that implements a second            communications protocol; and        -   an invoicing unit which performs overall and automated            invoicing for each user and periodic distribution of            collected payments to the various service providers and to            the various operators of the non-Internet channels.

The apparatus may periodically enter into communication with a userterminal (UT) in order to transfer characteristic data that ischaracteristic of the services used by the user by means of the terminal(UT), said terminal containing an application and a secure memory so asto store said characteristic data of the service used, which data isnecessary for invoicing. The apparatus may implement transfer ofcharacteristic data necessary for invoicing on its own initiative duringslack periods during which activity levels drop. Said characteristicdata necessary for invoicing may, for example be located in the securitymodule of a telephone.

The apparatus of the invention also makes it possible to provide meansof tracking subscribers of a non-Internet channel operator by system forchanging non-Internet channel operators as a function of the use of agiven service, in a manner transparent for the user. Each change ofoperators may take place at a given place as a function of the requestedservice, or for a given service as a function of the geographicallocation of the subscriber.

In a second aspect, the invention makes provision for the use ofapparatus of the first aspect for enabling a service to be distributedby a service provider.

In a third aspect, the invention makes provision for the use ofapparatus of the first aspect by an operator of non-Internetcommunications channels, e.g. a mobile telephone operator, to make itpossible to distribute services via its communications network.

In a fourth aspect, the invention provides a method for distributingservices to at least one user from a service provider by means ofintermediation apparatus of the first aspect, said method comprising thefollowing steps:

-   -   detecting a connection request from a service provider for        connection using a first protocol;    -   checking the identity of the service provider;    -   searching for at least one user to be reached;    -   identifying a non-Internet channel to be used to reach the or        each user specified by the service provider;    -   checking the identity of the or each user specified;    -   setting up a communication with the or each user specified;    -   creating a communications link with conversion between first and        second protocols for connecting the service provider with the or        each specified and validly identified user;    -   recording the service data necessary for invoicing;    -   performing overall and automated invoicing for each user; and    -   periodically distributing collected payments to the various        service providers and to the various operators of the        non-Internet channels.

In a fifth aspect, the invention provides a method for enabling a userto access a service provided by a service provider by means ofintermediation apparatus of the first aspect, said method comprising thefollowing steps:

-   -   detecting a connection request from a user for connection using        a second protocol over a non-Internet communications channel;    -   checking the identity of the user;    -   requesting a service offered by a service provider;    -   identifying a channel implementing a first protocol and to be        used to reach the service provider requested by the user;    -   checking the identity of the service provider;    -   setting up a communication with the service provider;    -   creating a communications link with conversion between first and        second protocols so as to interconnect the validly identified        user and the validly identified service provider;    -   recording the service data that is necessary for the invoicing;    -   performing overall and automated invoicing for each user; and    -   periodically distributing the collected payments to the various        service providers and to the various operators of the        non-Internet channels.

The invention and the advantages that result from it will appear moreclearly on reading the following description of a preferred embodiment,given merely by way of non-limiting example and with reference to theaccompanying drawings, in which:

FIG. 1, described above, is a diagram showing the possibilities forconventional connection between service providers and service users viathe Internet; and

FIG. 2 is a simplified block diagram showing how an intelligentintermediation platform for non-Internet communications channels in apreferred embodiment of the invention is integrated into the contextshown in FIG. 1.

As shown in FIG. 2, the intelligent intermediation platform 12 in thepreferred embodiment of the invention is situated between the serviceproviders SP and the user terminals UT that use non-Internetcommunications channels and that can be used by a service user U.

The platform 12 can be in the form of a set of technical means groupedtogether on a single geographical site or distributed over a pluralityof sites.

In the example shown, the user terminals served by the platform usecommunications channels lying outside the Internet protocol and theycomprise: a second-generation or third-generation mobile telephone 2, aPDA 14, a PC 4 communicating to the “Bluetooth” or 802.11x Standard, andan iTV set-top box 16. Naturally, other terminals making it possible touse non-Internet communications channels can be used: video games,equipment on board vehicles, etc.

The non-Internet channels NIC used by the terminals 2, 4, 14, 16 canconsist in: i) not using the Internet at all or ii) using the Internet,but for a portion of the link only, the remainder of the link lyingoutside the Internet.

Said channels are in the form of communications gateways that vary fromone user terminal to another, since they are related firstly to theprotocol used and secondly to the operator, e.g. the various MNOs usingthe WAP gateways 8 as described with reference to FIG. 1.

The function of the platform is thus to manage putting three types ofentity into communication with one another: namely the users, thecommunications gateway operators, and the service providers.

In order to provide such connectivity and communication between theservice providers and the users, the platform includes:

-   -   a central data unit 18 which incorporates two data bases:        -   i) a “service provider” database 20 which groups together            all of the files and data necessary for dialoguing with the            service providers SP and for representing said service            providers; and        -   ii) a “user” database which groups together all of the files            and data necessary for dialoguing with the users and for            representing said users;    -   a protocol conversion unit 24 functionally connected to the        service providers SP via communications channels CP1        implementing first communications protocols, and to the user        terminals UT via communications channels NIC implementing second        communications protocols. This unit thus constitutes the point        through which the incoming and outgoing protocols pass between        the service providers SP and the users U. It accepts all of the        N1 second protocols of the various non-Internet channels coming        from the user terminals UT and all of the N2 first protocols of        the various channels of the service providers, and it performs        both-way conversion between any one of the N1 first protocols        and any one of the N2 second protocols.

The term “protocol” (as applied to the service providers or to theusers) is to be understood in its broadest sense, and to includetransport protocols such as Transmission Control Protocol/InternetProtocol (TCP/IP), 802.11, application protocols, session managementprotocols, presentation protocols, etc.

By way of indication, such protocols on the user side can include:

-   -   cellular mobile telephone networks of second and third        generation (2 G, 2.5 G, and 3 G such as the Global System for        Mobile communications (GSM), the Wireless Application Protocol        (WAP), the General Packet Radio Service (GPRS), and the        Universal Mobile Telecommunications System (UMTS)), for each        operator providing access to those networks, and further        combined with the various types of possible message transmission        (Short Message Service (SMS), Multimedia Message Service (MMS),        electronic mail, etc.). Protocol conversion in the broadest        sense thus covers setting up a specific communication related to        the choice of a certain MNO, then practical use of the        communications gateway of that MNO for interconnecting a user        and a service provider;    -   interactive television (iTV) networks;    -   private local networks (Local Area Networks (LANs) and Wireless        Local Area Networks (WLANs));    -   pico-networks such as “Bluetooth” and 802.11;    -   etc.

The codes necessary for the various possible protocol conversioncombinations are extracted from the service provider database 20 andfrom the user database 22 via an intelligent connection management unit26.

Said codes make it possible for the protocol conversion unit 24:

-   -   for a transmission to a user terminal UT, to extract the payload        data arriving in compliance with any of the service provider        protocols, to reformat it selectively in compliance with any of        the user protocols, and to transmit it to the addressee user        terminal UT; and    -   for a transmission to a service provider, to extract the payload        data arriving in compliance with any of the user protocols, to        reformat it selectively in compliance with any of the service        provider protocols, and to transmit it to the addressee service        provider.

Since the connections set up in this way between the users U and theservice providers SP are generally secure (cf. feature i) below), theprotocol conversion unit 24 constitutes a secure element of theplatform. To this end, it is protected by hardware and software securitymeans (e.g. by being physically closed and provided with firewalls).

In practice, any given user U can have a plurality of possible userterminals UT via which said user can communicate with a service providerSP. The problem of choosing the most appropriate user terminal thenarises when a service provider wishes to make contact with a user, if itis to be avoided to contact said user on all of said user's terminals,which would tend to give rise to congestion of the communications media.

In order to solve this problem, the intelligent connection managementunit 26 accesses a user terminal directory of the user database 22 thatcontains:

-   -   firstly the relationship links between each user U and each user        terminal UT via which the user can be reached by the platform;        and    -   secondly, the relationship links between each user terminal UT        listed in this way and the user protocol that it uses. For        example, if the user terminal UT is a mobile telephone terminal        2, the second communications terminal can be the GSM, UTMS        protocol via the operator X on which it is parented. A        relationship thus exists between each user terminal UT and the        communications operators.

The directory thus makes it possible to determine the candidate userterminals UT for each user U, and to determine how to access them.

In order to establish intelligent selection of any particular one of theuser terminals, the connection management unit 26 further has access toa “user terminal intelligent selection” second directory of the userdatabase 22. This directory contains, for each user U, the followingparameters:

-   -   a link between each of the user terminals listed in the first        directory and the time variable (date and time of day of        connection request), making it possible to facilitate selection        of a candidate terminal as a function of said variable;    -   a link between said terminals and the geographical situation of        the user, making it possible to facilitate selection of a        candidate terminal as a function of the location of the user;    -   detection of the active terminals;    -   the history of the prior uses of the terminals (last used,        etc.);    -   the specific wishes of the users (e.g. using a list of        preferences);    -   the technical characteristics of possible user terminals        (terminal models, available memory capacity, etc.);    -   the indications for selection as a function of the technical        characteristics of the message to be forwarded from the service        provider SP (volume in bytes, text, image, sound file, etc.);    -   the indications for selection as a function of the        characteristics of the contents of the message (degree of        urgency, confidentiality, generic or specific contents, etc.);        and    -   the service provider who might contact the user.

The time variable and geographical situation parameters can be combinedin an overall criterion if the geographical situation can be determinedonly on the basis of the time variable.

The parameters are combined and weighted by the intelligent connectionmanagement unit 26 on pre-established bases so as to deliver as outputthe specific choice of the user terminal UT that is to be accessed foreach connection request from a service provider.

The intermediation platform 12 of the preferred embodiment offers arange of technical features aiming to unite the service providers SP andthe users U. These features are centralized around the intelligentconnection management unit 26 which groups together the intelligence ofthe intermediation platform 12, and which, in this capacity, performs,inter alia, internal management and delegation of tasks to the otherunits.

In the example, the features are as follows:

-   -   i) security for making the link between the user and the service        provider secure;    -   ii) management of services; and    -   iii) rationalized invoicing.

i) Security for making the link between the user and the serviceprovider secure.

This feature comprises:

-   -   firstly checking the identities of the user and of the service        provider for a given service; and    -   secondly setting up a secure communications tunnel between the        user and the service provider SP.

The security for the link between the user and a service provider ismanaged by a security unit 28 with reference to security files stored inthe service provider database 20 and in the user database 22, usingtechniques that are known per se.

More particularly, the security unit 28 accesses an “identification”first set of security files and an “enciphering” second set of files.

For each user U and for each service provider, the first set of securityfiles comprises:

-   -   the personal identity data of the user/of the service provider,        including the various personal codes, International Mobile        Subscriber Identity (IMSI)/Individual Subscriber Authentication        Key (Ki) identifiers, passwords, logins, symmetric keys and        asymmetric keys, etc.    -   the links between the personal identity data and the services of        the service providers for which the data will be requested; and    -   a personal identifier specific to the intermediation platform        and making it possible to check the right of access thereto.

For each user U and for each service provider, the second set ofsecurity files comprises:

-   -   the various enciphering algorithms used for interchanging        sensitive data between the user and each service provider SP;    -   the data specific to the enciphering: public keys and private        keys, module keys, coefficients of mathematical functions, etc.;    -   the protocols for interchange of such specific data for        establishing the enciphering; and    -   the links between this information and each service provider,        making it possible to adapt the enciphering and thus the secure        communications tunnel between the user and a service provider on        specific terms.

By using said security files, the security unit 28 thus makes itpossible to offer security guarantees both for the service provider andfor the service user, the service provider no longer having to make theidentity checks for itself, and being guaranteed that all transactionswill take place automatically in a protected environment under theauspices of a trustworthy third party.

ii) Management of Services

The intermediation platform 12 makes it possible for the user toregister with it either for a new service or for a new parameterizationof a service for which the user is already registered. It also enablesusers who are subscribers to a communications gateway operator of theMNO type to access all of the services offered by the service providers.It then takes charge of the logistics aspect of activating the serviceand of making it available on the user terminal UT. In other words, theservice provider SP merely needs to give approval, the platform beingcapable of downloading the software and the access codes relating to thenew services or to their new parameterization.

This aspect is handled by a service management unit 30 that has accessto a library of application programs and of parameterizations relatingto the various services offered by the service providers, which libraryis contained in the service provider database 20.

From this library, the service activation unit 30 selectively extracts aprogram so as to download it to a user terminal UT of a user who hasrequested it. The authorization for the downloading is validated by anacceptance signal coming either directly from the service provider inquestion, or from data stored in the user database 22 that makes itpossible to establish whether the requesting user is indeed authorizedto receive the program in question.

Each program is stored in different forms in the library (language,internal parameterization, limited or full version, etc.) depending onthe user terminal UT and therefore on the user to which it is destined.This information can be accessed remotely by the service provider forstatistics purposes.

iii) Rationalized Invoicing

This feature is provided by an invoicing unit 32 that has access to aset of files in the service provider database 20 and in the userdatabase 22. These files contain information relating to any transactionbetween each user U and each service provider SP that leads to aninvoice (purchase of goods or of services) or entering into thecalculation of invoicing (using up of flat-rate call time, etc.).

The intermediation platform 12 offers rationalized invoicing for all ofthe various services offered by the service providers SP. For the user,this feature makes it possible to pay in a single payment for aplurality of services provided by various service providers and obtainedvia the platform over a given period.

Overall invoicing is managed by an invoicing unit 32 that performsautomated accounting for each user. This unit 32 includes a userdatabase U, with, for each user, links concerning:

-   -   each pay service to which the user is subscribed, and the        corresponding personalization (flat-rate call time, extent of        services, etc.);    -   the pricing for the service (sum per unit of time used        (telephony, information bases, etc.) or per unit of quantity of        modules (files, films, pieces of music, etc.) downloaded);    -   the amount of the invoice for each order placed for services        enabling online purchases to be made (books, travel, tickets,        articles from mail order catalogues, multimedia products, games,        etc.); and    -   the provider of each service invoiced.

In addition, the invoicing unit 32 periodically distributes the paymentscollected from the set of users U to the various providers SP on thebasis of the above-mentioned breakdown. It also sends to the serviceproviders the itemized information contained in its database forinternal management purposes.

The invoicing unit 32 also manages payment to the various operators ofthe non-Internet channels NIC, e.g. the mobile telephone operators(MNOs) in order to invoice the communications service proper.

It then becomes possible, via the intermediation platform 12:

-   -   to pay on line;    -   to invoice the service providers;    -   to invoice the users;    -   to record transactions; and    -   to pay over sums to the non-Internet channel operators.

In a variant, the user communications terminal has an application whosefunction is to store, in a secure memory of the terminal, data that ischaracteristic of the services used by the user, and that is necessaryfor invoicing. For example, the application and the secure memory spacecan be situated in the security module of a mobile telephone. Theintermediation platform periodically enters into communication with theterminal in order to transfer said data so as to perform invoicing usingthe above-described method. Such periodic communication can beestablished on the initiative of the platform, which chooses a slackperiod in which activity drops, or on the initiative of a terminal, e.g.when its secure memory becomes saturated. This mode of producinginvoices offers the advantages of imparting flexibility to theintermediation platform which does not need to store, in real time, theinformation on all of the transactions, of making a high level ofreliability and security possible because the terminals generally havesecure means such as a security module, and are best placed to recordall of the services implemented by a user via said terminals. Forexample, such a service can be a security service consisting in forminga digital signature, each digital signature formed by a user terminalbeing counted so as to be invoiced using the above-described method.

Examples of operation of the intermediation platform 12.

The platform offers a myriad of operating possibilities because of themultiplicity of its features and of its possibilities for cooperationbetween its features, and, via its communications means, with theservice providers SP and the users U. The following examples of useconstitute merely a small sample of these possibilities.

I. Use of the intermediation platform by a user.

This case of use involves the following steps:

I.i) The intelligent connection management unit 26 detects a connectionrequest from a user for connection via a second protocol.

The connection management unit permanently receives all of the incomingcalls arriving at the protocol conversion unit, and initiates theremainder of the connection process as soon as a call is received.

I.ii) The security unit 28 identifies the calling user.

The call from the user from its user terminal goes through software forgeneral filtering and reception produced by the intermediation platformand serving as a general portal.

The software detects firstly whether the user is already registered andthen makes it possible for the user to transmit to the intermediationplatform the personal access code of the user.

If the transmitted code is valid, the platform then transmits to theuser terminal a validation code enabling the general filtering softwareto present a page giving access to the available services.

I.iii) The service management unit 30 requests access to a serviceoffered by a service provider.

The user thus validly identified selects a service from the access page,and the software specific to the selected service appears on the userterminal. The user terminal transmits to the platform the personal codesof access to the service, which codes are recognized by the servicemanagement unit 32. The service management unit activates the softwarein question at the platform so as to handle management of the running ofthe software. It informs the intelligent connection management unit 26of the service provider SP in question.

I.iv) The intelligent connection management unit 26 identifies thechannel for access to the service provider SP in question.

This identification is performed by referring to the service providerdatabases 20 which identify the channel implementing a first protocolfor each user, possibly with selection criteria when a plurality ofchannels are possible. The choice can thus be guided by the state ofcongestion of the various channels.

I.v) The security unit 28 verifies the identity of the service providerSP.

The security unit verifies the identity of the called service provideranalogously to the verification of the user U in step I.ii) above.

I.vi) The protocol conversion unit 24 sets up a communication with theservice provider SP.

The protocol conversion unit calls the service provider in question byusing the communications channel of the first protocol indicated by theintelligent connection management unit 26.

I.vii) The protocol conversion unit creates a communications link withconversion between the first and second protocols so as to interconnectthe validly identified user and the validly identified service provider.

When the service provider is validly identified, the protocol conversionunit 24 acts to enable data to be interchanged in both directionsbetween the service user and the service provider, by reformatting thedata from the first protocol used to the second protocol used, and viceversa.

If it is required for the communications link between the serviceprovider SP and the user U to be made secure, the platform performs anadditional step, during creation of the link (cf. step I.vii) above),which additional step consists in making the link a securecommunications tunnel (SCT), by using the security unit 28. The tunnelis based on enciphering between the service provider SP and the user U.

To this end, the smart card of the user terminal UT selectivelytransmits the enciphering keys, personal codes, identifiers, IMSI/Ki keyof the GSM subscription, key specific to the platform, etc. to thesecurity unit of the platform, the service provider SP doing the same.

Advantageously, the code is stored, like all the other security data, ina chip card associated with the terminal (e.g. a Subscriber IdentityModule (SIM) card for a mobile telephone).

It should be noted that the platform thus performs the tasks essentialto security from one end to the other of the communications link betweenthe user U and the service provider SP, in transparent mode and withoutany direct action from said service provider.

I.viii) The invoicing unit 32 invoices the user.

At regular intervals, e.g. once per month, the invoicing unit 32transmits to the user an overall and itemized invoice produced for allof the services provided by the various service providers SP during theinterval.

II. Use of the intermediation platform by a service provider.

The intermediation platform 12 serves as single entity for the serviceproviders, for communicating directly with the users, and for delegatingtasks that ordinarily they must perform. A service provider SP can thusinitiate a communication with a particular user or with a group ofusers, selected on the basis of technical criteria (e.g. users havingterminals of a certain type) or commercial criteria (e.g. using acertain type of service).

In both cases, the process of use is substantially analogous to when auser U initiates the connection, the steps being as follows:

II.i) The intelligent connection management unit 26 detects a connectionrequest from a service provider for connection via a second protocol.This step is analogous to step I.i) above, with the second protocolbeing detected.

II.ii) The security unit 28 checks the identity of the service providerSP.

This step is identical to step I.vi above.

II.iii) The intelligent connection management unit 26 searches for theat least one user to be reached.

The connection management unit 26 interrogates the service provider todetermine the user U or the group of users that the service providerwishes to reach via the intermediation platform 12, either by anominative indication or by predetermined selection criteria.

II.iv) The intelligent connection management unit identifies anon-Internet channel (NIC) to be used to reach the or each user Uspecified by the service provider SP.

After having determined each user to be reached, the intelligentconnection management unit 26 searches the user databases 22 for:

-   -   identifying intelligently the user terminal UT with which a link        is to be set up, by referring to the selection criteria in the        user database 22; they make it possible, in particular, to        select one of a plurality of possible terminals in the        possession of the user; and    -   identifying the communications channel implementing the second        protocol to be used for the user terminal of the user, or of        each user of the group, indicated by the service provider.

II.v) The security unit 28 checks the identity of the or of eachspecified user.

This step is identical to step II.ii) above, as applied to the or eachspecified user.

II.vi) The protocol conversion unit 24 sets up a communication with theor each user U identified.

This step is analogous to step I.vi) above, the connection being set upthis time over a non-Internet channel NIC using a second protocol makingit possible to reach the user or each user whom the service providerwishes to contact.

II.vii) The protocol conversion unit creates a communications link withprotocol conversion between the first and second protocols so as toconnect the service provider with the or each specified and validlyidentified user.

This step is identical to step I.vii) above, possibly as applied to aplurality of users.

The security option for creating a secure communications tunnel that isdescribed above for step I.vii) can also apply in this case, performedin the same way.

Thus, the service provider SP accesses a given user U or a given groupof users U by firstly calling the intermediation platform 12 so as todialogue with the intelligent connection management unit 26.

II.viii) The invoicing unit 32 pays the service providers for theservices.

At regular intervals, e.g. once per month, the invoicing unit 32 paysover to the service providers the sums that are due to them and thathave been invoiced in step I.viii) above.

It should be noted that the invention offers major advantages because itenables three entities to be used optimally, namely the user terminals,the communications gateways, and the service providers, by means of theuse of a fourth entity, namely the intermediation platform of theinvention. Each entity obtains a situation that is more advantageous:

-   -   A user can go transparently from one service to another, free of        the constraints related to a particular communications operator.        At any given place, a user can use two different communications        operators to obtain two different services. The user can thus        access the services in geographically transparent manner, since        they can cross borders without that having any influence on the        service used. The invention thus represents an advantageous        solution for tracking subscribers, such a solution being known        as “roaming”. As explained above, a subscriber to any given        operator can, in flexible and user-friendly manner, use the        communications networks of other operators with whom they have        no subscription.    -   A communications operator can offer its communications service        to users other than its subscribers, and can make it possible        for its subscribers to access a large number of services in        user-friendly manner.    -   A service provider can access a large number of users without        having to go through a particular communications operator.

In addition to the above advantages, it should be noted that theinvention offers the following remarkable capacities:

-   -   capacity to be adapted or upgraded, user-friendliness (choice of        connections), and flexibility (by combining various functions);    -   security through: i) identifying the players (users and service        providers) and ii) creating end-to-end security, with a secure        communications tunnel being set up, thereby creating end-to-end        security between the user and the service provider;    -   management of the services; and    -   rationalized invoicing.

The invention makes it possible for numerous variants to be obtained interms of the features offered, of the communications means used by theplatform, of the management of transactions, and of the software andhardware means implemented, etc.

1. Intermediation apparatus to interconnect at least one serviceprovider and at least one user provided with at least one communicationsterminal, said intermediation apparatus comprising: intelligentconnection management means for: selecting a non-Internet channel of anoperator, which channel is used by a terminal of the user; and selectingan outgoing protocol and an outgoing communications channel by referringto databases; protocol conversion means controlled by the managementmeans so as to interconnect a service provider using a channel thatimplements a first communications protocol and a user using thenon-Internet channel that implements a second communications protocol;and an invoicing unit which performs overall and automated invoicing foreach user and periodic distribution of collected payments to the variousservice providers and to the various operators of the non-Internetchannels.
 2. Apparatus according to claim 1, wherein the non-Internetchannel comprises at least one mobile telephone network of a givenoperator.
 3. Apparatus according to claim 1 wherein the connectionmanagement means select a non-Internet channel from among a plurality ofpossible channels for reaching a terminal of a user on the basis ofoptimized selection criteria stored in said databases, said storedcriteria comprising at least one of the following: time at which theconnection request is made; geographical situation of the user;detection of active user terminal(s); history of prior uses of the userterminals; specific desires made known by the user; technicalcharacteristics of possible user terminals; technical characteristics ofthe message to be forwarded from the service provider; contents of amessage; and the service provider.
 4. Apparatus according to claim 1,further comprising means for identifying a service provider and a user.5. Apparatus according to claim 1, further comprising security means forsetting up of a secure communications link between the service providerand a user terminal of a user.
 6. Apparatus according to claim 1,further comprising service management means comprising means for storingservice software and means for selectively downloading software to agiven user terminal.
 7. Apparatus according to claim 1, wherein theinvoicing unit accesses files from a service provider database and froma user database, which databases contain information relating to anytransaction between each user and each service provider so as to send toeach user an overall invoice for all of the sums due for each serviceobtained with one or more service providers over a given interval oftime.
 8. Apparatus according to claim 1, wherein a user terminalcontains an application and a secure memory in order to storecharacteristic data of the services used, and the apparatus periodicallyenters into communication with the user terminal in order to transferthe characteristic data of the services used by the user by means of theterminal which data is necessary for invoicing.
 9. Apparatus accordingto claim 8, wherein the transfer of the characteristic data that isnecessary for invoicing is automatically performed during slack periodsduring which activity drops.
 10. Apparatus according to claim 8 whereinthe characteristic data necessary for invoicing is transferred to thesecurity module of a telephone.
 11. The use of apparatus according toclaim 1 for enabling a service to be distributed by a service provider.12. The use of apparatus according to claim 1 by an operator ofnon-Internet communications channels to make it possible to distributeservices via its communications network.
 13. The use according to claim12, wherein the operator is a mobile telephone operator.
 14. A methodfor enabling a user to access a service provided by a service providerby means of intermediation apparatus, said method comprising thefollowing steps: detecting connection request from a user for connectionusing a second protocol over a non-Internet communications channel;checking the identity of the user; requesting a service offered by aservice provider; identifying a channel implementing a first protocoland to be used to reach the service provider requested by the user;checking the identity of the service provider; setting up acommunication with the service provider; creating a communications linkwith conversion between first and second protocols so as to interconnectthe validly identified user and the validly identified service provider;recording the service data that is necessary for invoicing; performingoverall and automated invoicing for each user; and periodicallydistributing collected payments to the various service providers and tothe various operators of the non-Internet channels.
 15. A method fordistributing services to at least one user from a service provider bymeans of intermediation apparatus, said method comprising the followingsteps: detecting a connection request from a service provider forconnection using a first protocol; checking the identity of the serviceprovider; searching for at least one user to be reached; identifying anon-Internet channel to be used to reach each user specified by theservice provider; checking the identity of each user specified; settingup a communication with each user specified; creating a communicationslink with conversion between first and second protocols for connectingthe service provider with each specified and validly identified user;recording service data necessary for invoicing; performing overall andautomated invoicing for each user; and periodically distributingcollected payments to the various service providers and to the variousoperators of the non-Internet channels.
 16. Apparatus according to claim1, further including means for tracking subscribers, to enablenon-Internet channel operators to be changed as a function of the use ofa given service, in a manner transparent for the user.